You don’t consider yourself the vulnerable type. Yet when it comes to booking a hotel room, everybody’s at risk for being scammed or duped, especially considering the rate at which scams happen. Proof? A whopping 15 million online bookings are scams, carried out largely by rogue sites, according to a survey by the American Hotel & Lodging Association (AHLA). So how do you avoid becoming the next victim? Keep your eyes open for these nine common scams.

1. Getting phished. Got an email from what looks to be a real hotel offering the deal of a century? This could be a sign of phishing, a scheme in which scammers masquerade as the real thing to lure you into false deals. “If it’s too good to be true, it probably is,” says Katherine R. Hutt, director of communications for the Council of Better Business Bureaus in Arlington, Virginia. To figure out if you’re being phished, see if you can spot anything odd about the sender’s email address. Then hover your mouse over links to see if they lead to sites that aren’t legitimate. Just don’t click on any site within the email unless you know it’s legit. Finally, look for typos and grammatical errors in the email or web site. Many of these phishing schemes originate overseas, where people don’t have as good a grasp on English, Hutt adds.

2. False association. Think you’re hitting the actual site of a hotel? Maybe not, as the site could look like the real deal, but in reality, it’s being run by a fraudster who uses logos, content, language, and trademarks to create a site that looks similar to the hotel’s legitimate site but isn’t associated with the brand in any way. “Sometimes these sites are there just to collect your consumer information, which can be damaging,” says Simon Whitehouse, senior director at MarkMonitor in San Francisco. The site could steal your financial credentials, download malware onto your device, even sell you a product or service that you pay for that never arrives (or arrives and is counterfeit).

3. Being asked for unusual information when booking. It’s not so odd if an airline asks for your birthday, but if you’re asked this when booking a hotel room, run the other way. “The more information you give out about yourself, the more likely it is somebody can steal your identify,” Hutt says.

4. Hidden fees. You might be getting a super-low rate from an online site, but then you’re slapped with an outrageous booking fee. What gives? “Often, those fees were hidden in the fine print, which few people bother to read,” Hutt says.

5. Phony call-center numbers. If you’ve clicked on a lookalike web site that’s masquerading as the hotel but want to call the hotel, the number on that site could lead you to a fake call center. To make sure you have the real hotel, ask specific questions about the hotel that employees would know only if they were there, says Vanessa Sinders, head of government affairs for the AHLA.

6. Unusual payment requests. If you run into a hotel that won’t take credit cards or you’re asked to use a pre-paid card, those are red flags that should tell you to book elsewhere. Your best payment option, by the way? Credit card, Hutt says.

7. Pay-per-click scams. With this scam, you’re usually duped into clicking on a link in a search engine ad, which will then take you to a rogue site, Whitehouse says, adding that vigilance is key. If you click on a link and get directed to a site that looks suspicious or has offers that seem outrageously good, it’s probably a rogue site.

8. Not getting what you paid for. You think you’ve signed up for a beautiful room with a balcony overlooking the ocean. Reality is, though, your less-than-glamorous room overlooks the parking lot. “Many online booking sites aggregate information from other sources, and while some are legit, many aren’t, and the details are often in the fine print,” Hutt says. The ads on the site might have shown those beautiful rooms, but in the fine print, there’s probably a statement saying photos aren’t representative of actual rooms. Always read the fine print (see #4), and if you’re not sure, book directly with the hotel or call the hotel and ask if it’s possible that this deal could be valid. Most importantly, if you do find that you’ve been oversold, don’t get mad at the hotel when you check in. They had nothing to do with the problem, and the nicer you are to them, the more they’ll want to help remedy things.

9. Middle-of-the-night calls from the front desk. Scammers aren’t only looking to get you before the trip but also during your trip. One of the newest? Calls at early-morning hours supposedly from the front desk to report problems with your credit card. You’re then asked to provide that number again, and because you’re often in a dead sleep and don’t think, you give the info, and the scammer’s got you. “Because hotels run your credit card when you check in, they know immediately if there’s a problem, so there would be no reason for them to call at this time,” Hutt says. Besides, unless you’re being asked to evacuate, no hotel will call at crazy hours.